QUESTION 132
The `We-Make-Widgets’ company has purchased twenty UTM-1 Edge appliances for their remote
56 offices. Kim decides the best way to manage those appliances is to use SmartProvisioning and create a profile they can all use. List the order of steps Kim would go through to add the Dallas Edge appliance to the remote Office profile Using the output below.
1.
Enter the name of the profile called “Remote Offices”

Correct Answer: B
QUESTION 133
You are Connectra administrator. Your users complain that their outlook Web Access is running extremely slowly, and their overall browsing experience configures to worsen. You suspect it could be a logging problem. Which of the following log file does Check Point recommended you purge?
A. Httpd*.log
B. Event_ws.log
C. Mod_ws_owd.log
D. Alert_owd.log

Correct Answer: B
QUESTION 135
If you experience unwanted traffic from a specific IP address, how can you stop it most quickly?
A. Check anti-spoofing settings.
B. Configure a rule to block the address
C. Create a SAM rule.
D. Activate an IPS protection.
Correct Answer: B
QUESTION 136
When does the SmartWorkflow Policy Installation window appear?
A. When the administrator installs an approved policy
B. When the manager approves a session
C. When the administrator installs an unapproved policy
D. When the administrator submits a session for approval

Correct Answer: C
QUESTION 137
Control connections between the security management Server and the Gateway are not encrypted by the VPN community. How are the connections secured?
A. They are encrypted and authenticated using SIC
B. They are not encrypted, but arc authenticated by the Gateway
C. They are secured by PPTF
D. They are not secured 58

Correct Answer: A QUESTION 138
Which of the following is NOT an IPS Event Analysis Permission Profile type?
A. View
B. Read/Write
C. No Access
D. Events Database

Correct Answer: A QUESTION 139
For an initial installation of Connectra, Which of the following statements is TRUE?
A. You must configure the Connectra username and password before running the First time Wizard
B. It is possible to run the First Time Wizard from Expert Mode on the Connectra server.
C. It is not possible to use the sysconfig and cpconfig utilities, until the First Time Wizard in the Administration Web GUI is successfully completed
D. It is not necessary to set up the Rule Base before completing Connectra’s installation

Correct Answer: A QUESTION 140
Which of the following statements is FALSE regarding ospf configuration on SecurePlatform Pro?
A. Router ospf 1 creates the Router ID for the Security Gateway and should be the same ID for all Gateways.
B. Router ospf 1 creates an ospf routing instance and this process ID should be different for each Security Gateway.
C. Router ospf 1 creates the Router ID for the Security Gateway and should be different for all Gateways.
D. Router ospf 1 creates an ospf routing instance and this process ID should be the same on all 59 Gateways.

Correct Answer: C QUESTION 141
Using the output below, what does the red flag indicate for the MS08-067 Protection?

A. It indicates it is for follow up.
B. It indicates this protection is for new 0-day vulnerability.
C. It indicates the protection’s Security Level was modified from the default setting by the administrator.
D. It indicates this protection is critical.

Correct Answer: C QUESTION 143
Which of the following statements about the Port Scanning feature of IPS Is TRU6?
A. A.The default scan detection is when more than 500 open inactive ports are open for a period of 120 seconds.
B. B.The Port Scanning feature actively blocks the scanning, and sends an alert to SmartView Monitor.
C. C.Port Scanning does not block scanning; it detects port scans with one of three levels of detection sensitivity
D. D.When a port scan is detected, only a log is issued, never an alert.

Correct Answer: D
QUESTION 146
Your customer asks you about the Check Point SmartWorkflow. He was informed that it is possible to use the SmartWorkflow Software Blade without using *Sessions* and “Role Segregation”. What is the BEST explanation for this?
A. SmartDashboard works as if SmartWorkflow is not enabled. The administrator can modify and install policies without any intermediate steps The administrator will be asked if he wishes to keep the tracking information of deployed changes to see them later with SmartView Tracker
B. SmartDashboard works as if SmartWorkflow is not enabled the administrator can modify and install policies without any intermediate steps Changes are not tracked
C. SmartDashboard works as if SmartWorkflow is not enabled. The administrator can modify and install policies without any intermediate steps. The deployed changes are tracked automatically.
D. The information is incorrect. If the customer uses SmartWorkflow Software Blade, he must use the “Session” with or without “Role Segregation.

Correct Answer: C
QUESTION 147
SmartProvisioning is an integral part of the security management or provider-1 CMA. To enable SmartProvisioning on the security management server:
A. Obtain the SmartProvisioning license, add the License to the Security Management server or CMA, turn on SmartProvisioning on each gateway.
B. Obtain the SmartProvisioning license, add the License to the Security Management server or CMA, disable SecureXL.
C. Obtain the SmartProvisioning license, add the License to the Security Management server or CMA.
D. Obtain the SmartProvisioning license, add the License to the Security Management server or CMA, select the box under policy for SmartProvisioning.
Correct Answer: C
QUESTION 148
What rules send log information to Dshield.org when Center is configured?
A. Determined in IPS. Dshield Storm Center configuration Security Management Server sends logs from rules with tracking set to either Alert of one of the specific User Defined Alerts.
B. Determined by the Global Properties configuration Logs defined In the Log and Alerts section, rules tracking set to Account or SNMP tarp.
C. Determined in Web Intelligence, configuration Information Disclosure is configured, rules with tracking set to user defined alerts or SNMP.
D. Determined by the Dshield Storm Center Logging suiting in Logs and Masters of the Security Management Server object rules with tracking set to Log or None.

Correct Answer: D QUESTION 150
How do new connections get established through a Security Gateway with SecureXL enabled?
A. The new connection will DC first inspected by SecureXL and if it does not match the drop table of SecureXL. Then it will be passed to the firewall module for a rule match.
B. If the connection matches a connection of drop template in SecureXL. It will either be established or
dropped without performing a rule match, else it win be passed to the firewall module for a rule match. 63
C. New connections are always inspected by the firewall and if they are accepted, the subsequent packets of the same connection will be passed through SecureXL
D. New connection packets never reach the SecureXL module

Correct Answer: C QUESTION 151
To help organize events, Eventia Analyzer uses filtered queries. Which of the following is NOT an Eventia Analyzer event property you can query?
A. Even Critical, Suspect, False Alarm
B. Time: Last hour, Last Day, Last Week
C. State Open, Closed, False Alarm
D. Type Scans, Denial of Services, Unauthorized Entry

Correct Answer: B QUESTION 153
You manage a global network extending from your base in Chicago to Tokyo, Calcutta and Dallas. Management wants a report detailing the current Software Level of Each enterprise class Security. You plan to take the opportunity to create 0 proposal outline, listing the most cost effective way to upgrade your Gateways. Which two SmartConsole applications will you use to create this report and outline?
A. SmartLSM and SmartUpdate
B. SmartView Tracker and SmartView Monitor
C. SmartView Monitor and SmartUpdate
D. SmartDashboard and SmartView Tracker

Correct Answer: C QUESTION 154
Your online book store has customers connecting to a variety of web servers to place or change orders and check order status. You ran penetration tests through the security Gateway to determine if the web servers were protected from a recent series of cross site scripting attacks. The penetration testing indicated the Web servers were still vulnerable You have checked every, box In the Web Intelligence tab, and installed the Security Policy. What else might you do to reduce the vulnerability?
A. Configure the Security Gateway protecting the Web servers as a Web server
B. Check the Product > Web Server box on the hoist node objects representing your Web servers
C. Add Port (TCP 443) as an additional port on the Web Server tab for the host node
D. The penetration software you are using is malfunctioning and is reporting a false-positive

Correct Answer: B QUESTION 155
What is a task of the IPS Event Correlation Unit?
A. Analyze each IPS log entry as it enters the Log server.
B. Assign a severity level to an event.
C. Add events to the events database
D. Display the received events.

Correct Answer: A QUESTION 156
A security of administrators opens a new session, makes changes to the policy and submits the session for Approval. The Security Manager may approve the session or request repair if a manager opens a new session and submits it for approval, can he approve his session as a Security Manager?
A. It depends on the type of changes made in the session.
B. It depends on the SmartWorkflow settings in Global Properties.
C. Yes, he can always approve his own session
D. No. he can never approve his own session

Correct Answer: B QUESTION 157
What happens to the session information after they are approved and a policy Installation is done?
66
A. Session information is never deleted from the database.
B. It depends on the SmartWorkflow settings in Global Properties.
C. An option is given to retain the session information, default facing deletion of session information from the database.
D. Session information can only be deleted before a policy is installed

Correct Answer: D QUESTION 159
When a security administrator selects Repair for session requested for repair by a Security Manager, Which of the following happens?
A. The administrator will have to open the old session and make the changes, no note is added automatically, however, the manager adds his notes stating the changes required.
B. The same session is modified with a note automatically added stating Under repair
C. The old status is removed and a new session is created with the same name, but with a note stating New session after repair
D. A new session is created by the name Repairing Session <old id> and the old session status is updated to Repaired with a note stating Repaired by Session <new id>

Correct Answer: D

With Flydumps.com complete study guide for the Checkpoint 156-915 Certification exam you will find questions and answers from previous exams as well as ones that our experts believe will be on the upcoming exams due to upgrades and new releases. This gives you the resources you actually need to pass the exam instead of just studying material without any knowledge of what might be on a test. If you want a career in the IT world, a certification is the only answer to ensure you get your dream job.